Release 20.02.2023 | Change PWD after 2FA
New
-
New behavior when trying to access disabled functionality: now the user is redirected to the home page.
Warninglog is written with information about the disabled functionality. -
Handling cases where a user logged in with an expired password. Before changing the expired password, the user is redirected to the the second factor confirm page. And only after confirming the second factor, the user will be returned to the expired password change form. Main steps:
- Submit login page. If password is expired, go to step 2.
- Confirm 2FA.
- Create a 2 minute password changing session. If during this session you go to any existed page of the SSP, each time you will be redirected to the password change page. If session is expired or if authentication token is invalidated, go to step 1.
- Redirect to the password change page. Set new password and submit form.
- Redirect to the login page.
-
Password changing session. To configure session options you can specify the following settings in the configuration file:
pwd-changing-session-lifetime(optional) - session lifetime inhh:mm:ssformat (00:02:00 by default).
-
Extended logging:
warningif the login/password are correct, but the password is expired.warningif user was redirected to the change password page but the password management is not enabled.
-
404/unhandled Error catching: now in case of unhandled error technical page will be displayed and the
errorlog will be written.